Y
Hacker News
new
|
ask
|
show
|
jobs
by
u801e
3104 days ago
The spoofing site wouldn't/shouldn't be able to pass the browser validation of the TLS server side certificate.
1 comments
StavrosK
3104 days ago
Why not? How hard is it to get a cert for a domain that looks like paypal-businesscenter.com?
link
cjwhite
3103 days ago
Moreover, the browser could remember the expected shared secret based on its and the server's RSA exchange.
link